US9971624B2 · Active · Utility · PatentIndex 92

Logical processing for containers

Assignee: NICIRA INC · Priority: May 17, 2015 · Filed: Aug 28, 2015 · Granted: May 15, 2018
Est. expiry: May 17, 2035 (~8.9 yrs left) · nominal 20-yr term from priority
Inventors: BEHERA SOMIK; HAN DONGHAI; SHEN JIANJUN; PETTIT JUSTIN
CPC: G06F 9/5077, H04L 45/745, G06F 2009/45583, H04L 45/586, H04L 41/0806, H04L 12/4641, G06F 2009/45595, H04L 29/08072, G06F 9/45558, H04L 69/329
PatentIndex Score: 92 · Cited by: 12 · References: 22 · Claims: 24

Abstract

Some embodiments provide a local network controller that manages a first managed forwarding element (MFE) operating to forward traffic on a host machine for several logical networks and configures the first MFE to forward traffic for a set of containers operating within a container virtual machine (VM) that connects to the first MFE. The local network controller receives, from a centralized network controller, logical network configuration information for a logical network to which the set of containers logically connect. The local network controller receives, from the container VM, a mapping of a tag value used by a second MFE operating on the container VM to a logical forwarding element of the logical network to which the set of containers connect. The local network controller configures the first MFE to apply the logical network configuration information to data messages received from the container VM that are tagged with the tag value.
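A minimal sketch of the tag-to-logical-network binding the abstract describes, added here as an illustration and not taken from the patent or from any Nicira code. The class and function names, LFE identifiers, VLAN IDs, MAC addresses and policy strings are constructed, and dropping untagged, unknown-tag or unreported-MAC frames is an assumed fail-closed policy that the patent text does not state.

```python
import struct

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

class LocalController:
    """Hypothetical local controller state for the first (host) MFE."""
    def __init__(self):
        self.lfe_config = {}  # LFE id -> config, as sent by the central controller
        self.tag_table = {}   # VLAN id -> (LFE id, container MACs), as sent by the container VM

    def receive_logical_config(self, lfe_id, config):
        self.lfe_config[lfe_id] = config

    def receive_tag_mapping(self, vlan_id, lfe_id, macs):
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN id out of range")
        bound = self.tag_table.get(vlan_id)
        if bound and bound[0] != lfe_id:
            # Assumption: one tag must never silently move between logical networks.
            raise ValueError("tag already bound to another LFE")
        self.tag_table[vlan_id] = (lfe_id, {mac(m) for m in macs})

    def classify(self, frame):
        """Return (lfe_id, config) for a frame from the container VM, or None to drop."""
        if len(frame) < 18:
            return None
        tpid, tci = struct.unpack("!HH", frame[12:16])
        if tpid != 0x8100:                      # no 802.1Q tag present
            return None
        entry = self.tag_table.get(tci & 0x0FFF)
        if entry is None:                       # tag never reported by the container VM
            return None
        lfe_id, macs = entry
        if frame[6:12] not in macs or lfe_id not in self.lfe_config:
            return None                         # source MAC not reported for this tag
        return lfe_id, self.lfe_config[lfe_id]

def make_frame(src_mac, vlan_id=None, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, 802.1Q-tagged when vlan_id is given."""
    tag = struct.pack("!HH", 0x8100, vlan_id) if vlan_id is not None else b""
    return b"\xff" * 6 + mac(src_mac) + tag + struct.pack("!H", 0x0800) + payload

def build_demo_controller():
    ctl = LocalController()
    ctl.receive_logical_config("ls-web", {"firewall": "allow-tcp-443"})   # constructed
    ctl.receive_logical_config("ls-db", {"firewall": "allow-tcp-5432"})   # constructed
    ctl.receive_tag_mapping(10, "ls-web", ["02:00:00:00:00:01"])
    ctl.receive_tag_mapping(20, "ls-db", ["02:00:00:00:00:02"])
    return ctl
```
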

Claims

exact text as granted — not AI-modified
We claim: 
     
       1. A non-transitory machine readable medium storing a program for a local network controller which when executed by at least one processing unit of a host machine manages a first managed forwarding element (MFE) operating to forward traffic on the host machine for a plurality of logical networks and configures the first MFE to forward traffic for first and second sets of containers operating within a container virtual machine (VM) that connects to the first MFE, the program comprising sets of instructions for:
 from a centralized network controller, receiving (i) logical network configuration information for a first logical network to which the first set of containers logically connect and (ii) logical network configuration information for a second logical network to which the second set of containers logically connect; 
 from the container VM, receiving (i) a mapping of a first tag value used by a second MFE operating on the container VM to a logical forwarding element of the first logical network and (ii) a mapping of a second tag value used by the second MFE to a logical forwarding element of the second logical network; and 
 configuring the first MFE to apply (i) the first logical network configuration information to data messages received from the container VM that are tagged with the first tag value and (ii) the second logical network configuration information to data messages received from the container VM that are tagged with the second tag value. 
 
     
     
       2. The non-transitory machine readable medium of claim 1, wherein the first and second tag values are VLAN tags associated with the respective first and second logical forwarding elements.

       3. The non-transitory machine readable medium of claim 1, wherein the set of instructions for receiving the mapping of the first tag value comprises a set of instructions for receiving a media access control (MAC) address for each container of the first set of containers.

       4. The non-transitory machine readable medium of claim 1, wherein the first set of containers operating within the container VM comprises a set of virtual machines.

       5. The non-transitory machine readable medium of claim 1, wherein the data messages comprise at least one of an Ethernet frame, an IP packet, a TCP segment, and a UDP datagram.

       6. The non-transitory machine readable medium of claim 1, wherein the containers are for isolating services operating within each container.
     
     
       7. A non-transitory machine readable medium storing a program for a local network controller which when executed by at least one processing unit of a host machine manages a first managed forwarding element (MFE) operating to forward traffic on the host machine for a plurality of logical networks and configures the first MFE to forward traffic for a set of containers operating within a container virtual machine (VM) that connects to the first MFE, the program comprising sets of instructions for:
 from a centralized network controller, receiving logical network configuration information for a logical network to which the set of containers logically connect; 
 from the container VM, receiving a mapping of a tag value used by a second MFE operating on the container VM to a logical forwarding element of the logical network to which the set of containers connect; 
 configuring the first MFE to apply the logical network configuration information to data messages received from the container VM that are tagged with the tag value; and 
 sending configuration information to a second local network controller for managing the second MFE, the configuration information for configuring the second MFE to apply a portion of the logical network configuration information. 
 
     
     
       8. The non-transitory machine readable medium of claim 7, wherein the portion of the logical configuration information relates to forwarding data messages between the containers on the container VM.

       9. The non-transitory machine readable medium of claim 7, wherein the logical configuration information is for applying at least one of firewall policies, quality of service (QoS) policies, and load balancing policies.
     
     
       10. The non-transitory machine readable medium of claim 7, wherein the logical network is a first logical network and the tag value is a first tag value, wherein the program further comprises sets of instructions for:
 receiving logical network configuration information for a second logical network to which a second set of containers operating within the container VM logically connect;
 receiving a mapping of a second tag value used by the second MFE to a logical forwarding element of the second logical network to which the second set of containers connect; and
 configuring the first MFE to apply the logical network configuration information to data messages received from the container VM that are tagged with the second tag value.
     
     
       11. The non-transitory machine readable medium of claim 7, wherein the containers are for isolating services operating within each container.

       12. The non-transitory machine readable medium of claim 7, wherein the set of instructions for receiving the mapping comprises a set of instructions for receiving a media access control (MAC) address for each container of the set of containers.
     
     
       13. A method for a local network controller operating on a host machine to manage a first managed forwarding element (MFE) that forwards traffic on the host machine for a plurality of logical networks, the method comprising:
 from a centralized network controller, receiving (i) logical network configuration information for a first logical network to which a first set of containers logically connect and (ii) logical network configuration information for a second logical network to which a second set of containers logically connect, the first and second sets of containers operating within a container virtual machine (VM) on the host machine that connects to the first MFE; 
 from the container VM, receiving (i) a mapping of a first tag value to a logical forwarding element of the first logical network and (ii) a mapping of a second tag value to a logical forwarding element of the second logical network, the first and second tag values used by a second MFE operating within the container VM to respectively identify the first and second logical forwarding elements for data messages sent from the second MFE to the first MFE; and 
 configuring the first MFE to apply (i) the first logical network configuration information to data messages received from the container VM that are tagged with the first tag value and (ii) the second logical network configuration information to data messages received from the container VM that are tagged with the second tag value. 
 
     
     
       14. The method of claim 13 further comprising sending configuration information to a second local network controller for managing the second MFE, the configuration information for configuring the second MFE to apply a portion of the logical network configuration information for the first logical network to data messages received from the first set of containers.

       15. The method of claim 13, wherein the first and second tag values are VLAN tags associated with the respective first and second logical forwarding elements.

       16. The method of claim 13, wherein receiving the mapping of the first tag value comprises receiving a media access control (MAC) address for each container of the set of containers.

       17. The method of claim 16, wherein the portion of the logical configuration information relates to forwarding data messages between the containers on the container VM.

       18. The method of claim 16, wherein the logical configuration information is for applying at least one of firewall policies, quality of service (QoS) policies, and load balancing policies.

       19. The method of claim 16, wherein the data messages comprise at least one of an Ethernet frame, an IP packet, a TCP segment, and a UDP datagram.

       20. The method of claim 16, wherein containers are for isolating services operating within each container.
     
     
       21. The method of claim 16, wherein the logical network is a first logical network and the tag value is a first tag value, wherein the method further comprises:
 from the centralized network controller, receiving logical network configuration information for a second logical network to which a second set of containers operating within the container VM logically connect; 
 from the container VM, receiving a mapping of a second tag value to a logical forwarding element of the second logical network, the second tag value used by the second MFE to identify the logical forwarding element of the second logical network for data messages sent from the second MFE to the first MFE; and 
 configuring the first MFE to apply the logical network configuration information to data messages received from the container VM that are tagged with the second tag value. 
 
     
     
       22. The method of claim 13, wherein the data messages comprise at least one of an Ethernet frame, an IP packet, a TCP segment, and a UDP datagram.

       23. The method of claim 13, wherein the containers are for isolating services operating within each container.
     
     
       24. A method for a local network controller operating on a host machine to manage a first managed forwarding element (MFE) that forwards traffic on the host machine for a plurality of logical networks, the method comprising:
 from a centralized network controller, receiving logical network configuration information for a logical network to which a set of containers logically connect, the set of containers operating within a container virtual machine (VM) on the host machine that connects to the first MFE; 
 from the container VM, receiving a mapping of a tag value used by a second MFE operating on the container VM to a logical forwarding element of the logical network to which the set of containers connect; 
 configuring the first MFE to apply the logical network configuration information to data messages received from the container VM that are tagged with the tag value; and 
 sending configuration information to a second local network controller for managing the second MFE, the configuration information for configuring the second MFE to apply a portion of the logical network configuration information.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.